The software-defined networking (SDN) paradigm promises greater control and understanding of enterprise network activities, particularly for management applications that need awareness of network-wide behavior. However, the current focus on switch-based SDNs raises concerns about data-plane scalability, especially when using fine-grained flows. Further, these switch-centric approaches lack visibility into end-host and application behaviors, which are valuable when making access control decisions. In recent work, we proposed a host-based SDN in which we installed software on the end-hosts and used a centralized network control to manage the flows. This improved scalability and provided application information for use in network policy. However, that approach was not compatible with OpenFlow and provided only conservative estimates of possible network performance. In this work, we create a high-performance host-based SDN that is compatible with the OpenFlow protocol. Our approach, DeepContext, provides details about the application context to the network controller, allowing enhanced decision-making. We evaluate the performance of DeepContext, comparing it to traditional networks and Open vSwitch deployments. We further characterize the completeness of the data provided by the system and the resulting benefits.
Can Host-Based SDNs Rival the Traffic Engineering Abilities of Switch-Based SDNs?
The software-defined networking (SDN) paradigm offers significant flexibility for network operators. However, the SDN community has focused on switch-based implementations, which pose several challenges. First, some may require significant hardware costs to upgrade a network. Further, fine-grained flow control in a switch-based SDN results in well-known, fundamental scalability limitations. These challenges may limit the reach of SDN technologies. In this work, we explore the extent to which host-based SDN agents can achieve feature parity with switch-based SDNs. Prior work has shown the potential of host-based SDNs for security and access control. Our study finds that with appropriate preparation, a host-based agent offers the same capabilities as switch-based SDNs in the remaining key area of traffic engineering, even in a legacy managed-switch network. We find the approach offers comparable performance to switch-based SDNs while eliminating the flow table scalability and cost concerns of switch-based SDN deployments.
- Award ID(s): 1422180
- PAR ID: 10177005
- Date Published:
- Journal Name: IEEE Network of the Future (NoF)
- Format(s): Medium: X
- Sponsoring Org: National Science Foundation
More Like this
-
Wireless infrastructure is steadily evolving into wireless access for all humans and most devices, from 5G to Internet-of-Things. This widespread access creates the expectation of custom and adaptive services from the personal network to the backbone network. In addition, challenges of scale and interoperability exist across networks, applications and services, requiring an effective wireless network management infrastructure. For this reason Software-Defined Networks (SDN) have become an attractive research area for wireless and mobile systems. SDN can respond to sporadic topology issues such as dropped packets, message latency, and/or conflicting resource management, to improved collaboration between mobile access points, reduced interference and increased security options. Until recently, the main focus on wireless SDN has been a more centralized approach, which has issues with scalability, fault tolerance, and security. In this work, we propose a state of the art WAM-SDN system for large-scale network management. We discuss requirements for large scale wireless distributed WAM-SDN and provide preliminary benchmarking and performance analysis based on our hybrid distributed and decentralized architecture. Keywords: software defined networks, controller optimization, resilience.
-
The development of reinforcement learning (RL) algorithms has created a paradigm where the agents are trained to learn directly by observing the environment and learning policies to perform tasks autonomously. In the case of network environments, these agents can control and monitor the traffic as well as help preserve the confidentiality, integrity, and availability of resources and services in the network. In the case of software defined networks (SDN), the centralized controller in the control plane has become the single point of failure for the entire network. Reactive routing in SDNs makes such networks vulnerable to denial-of-service (DoS) attacks that aim to overwhelm switch memory and the control channel between SDN switches and controllers. One potential solution to cope with such attacks is to use an intelligent mechanism to detect and block them with minimal performance overhead for the controller and control channel. In this work, we investigate the practicality and effectiveness of a reinforcement learning (RL) approach to cope with DoS attacks in SDN networks that utilize programmable switches. Assuming the existence of a reliable reward function, we demonstrate that an RL-based approach can successfully adapt to the changing nature of attack traffic to detect and mitigate attacks without overwhelming switch memory and the control channel in SDN.
-
The rapid evolution of Software-Defined Networking (SDN) has transformed network management by decoupling the control and data planes. It provides centralized control, enhanced flexibility, and programmability of network management services. However, this centralized control introduces security vulnerabilities and challenges related to data integrity, unauthorized access, and resource management. In addition, it brings forth significant challenges in secure and scalable data storage and computational resource management. These challenges are further increased by the need for real-time processing and the ever-increasing volume of data. To address these challenges, this paper presents a scalable blockchain-based framework for security and computational resource management in SDN architectures. The proposed framework ensures decentralized and tamper-resistant data handling and utilizes smart contracts for automated resource allocation. Due to the need for advanced security and scalability in SDN networks, this work incorporates sharding to improve parallel processing capabilities. The performance of sharded versus non-sharded blockchain systems under various network conditions is evaluated. Our findings demonstrate that the sharded blockchain model enhances scalability and throughput with robust security and fault tolerance. The framework is also assessed for its performance, scalability, and security to enhance SDN resilience against data breaches, malicious activities, and inefficient resource distribution.

